Alberts, C., & Dorofee, A. (2002). Managing information security risks: The OCTAVE(sm) approach. Boston, MA: Addison-Wesley.
Behr, K., Kim, G. & Spafford, G. (2004). The visible ops handbook: Starting ITIL in 4practical steps .Eugene, OR: Information Technology Process Institute.
McCumber, J. (2005). Assessing and managing security risk in IT systems: A structuredmethodology. Boca Raton, FL: Auerbach Publications.
Microsoft (2006). Security risk management guide. (http://www.microsoft.com/technet/security/guidance/complianceandpolicies/secrisk/)
National Institute of Standards and Technology. (2002). Risk management guide forinformation technology systems. Special Publication 800-30. Washington, DC: U.S. GPO. (http://csrc.nist.gov/publications/nistpubs/800-34/sp800-30.pdf)
National Institute of Standards and Technology. (2002). Contingency planning guide forinformation technology systems. Special Publication 800-34. Washington, DC: U.S. GPO. (http://csrc.nist.gov/publications/nistpubs/800-34/sp800-34.pdf)
Office of Government and Commerce. (2007). Introduction to the ITIL service lifecycle(ITIL Version 3). United Kingdom: The Stationary Office.
Weill, P., & Vitale, M. (2002). What IT infrastructure capabilities are needed to implement E-business models? MIS Quarterly Executive, 1(1), 17-34.
Weill, P., & Broadbent, M. (1998). Leveraging the new infrastructure: How marketleaders capitalize on information technology.Boston, MA: Harvard Business School Press.
http://en.wikipedia.org/wiki/ITIL
http://en.wikipedia.org/wiki/Risk_management
- 瀏覽次數:1250
